Purpose

The Act has been patterned on the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law (UNCITRL) and on the Electronic Transaction Act 1998 of Singapore.

The purpose of the act is to:
i. Provide the legal framework necessary for electronic commerce
ii. Facilitate electronic filing of documents with Government agencies and iii. Amend the Indian Penal Code, the Indian Evidence Act, the Banker's Book of Evidence Act and the Reserve Bank of India Act.

Overview of the act

The Act is made up of thirteen chapters and four schedules. The coverage of the various chapters is broadly as under:
Chapter i. Contains the Preliminary Clauses, namely the name and purpose of the Act and the definitions of the various terms used in subsequent chapters of the Act.

Chapter ii. Is titled 'Digital Signature' and recognises authentication of electronic records by the use of asymmetric crypto system and hash function.

Chapter iii. Is titled 'Electronic Governance'. It allows for information to be submitted to Government Departments in electronic form and for affixing digital signatures instead of signing by hand. It also legalises preserving records in electronic form instead of physical document/ ledger form.

Chapter iv. Is titled 'Attribution, Acknowledgement and Dispatch of Electronic Records'. It accords permission for originating and acknowledging records by electronic means.

Chapter v. Is titled 'Secure Electronic Records and Secure Digital Signature'. It essentially recognises an electronic record to which the security procedure to be prescribed by the government has been applied and has been signed with a digital signature, as a secure electronic record.

Chapter vi. Is titled 'Regulation of Certifying Authorities'. It lays down the broad authority structure for implementing Public Key Infrastructure (PKI). Thus it provides for appointment of Controllers and other officers for licensing and monitoring (Key) Certifying Authorities (CAs). It also defines their functions broadly and prescribes the procedures for granting, renewing, rejecting and suspending CA Licenses.

Chapter vii. Is titled 'Digital Signature Certificates'. It deals with the duties and responsibilities of the Certifying Authorities.

Chapter viii. Is titled 'Duties of Subscribers'. As the title itself indicates, it deals with the duties of the end users, who will be receiving one or more digital certificates from the CAs.

Chapter ix. Is titled 'Penalties and Adjudication'. This chapter lays down the penalties for causing damage to computer, computer systems, etc. It also provides for appointing adjudicating officers for dealing with cyber crimes and defines their powers.

Chapter x. Is titled 'The Cyber Regulations Appellate Tribunal'. It provides for setting up an appellate tribunal for handling appeals arising out of the Adjudicating Officers decisions. It lays down the procedure for setting up the Tribunal and defines its powers.

Chapter xi. Is titled 'Offences'. It prescribes the penalties for Cyber Crimes like tampering with source documents, obscene electronic publishing, hacking and falsifying Digital Signature details.

Chapter xii. Is titled 'Network Service Provider not to be liable in certain cases'. It clarifies that a Network Provider is not responsible for the offences committed by its subscriber, provided the offences have been committed without its knowledge and the Network Service Provider has exercised due diligence to prevent such an offence.

Chapter xiii. Is titled 'Miscellaneous'. It deals with residual issues. The most important of them is the power it confers on Police Officers (not below the rank of Deputy Superindendent of Police). They are empowered "to enter any public place and search and arrest without a warrant any person found therein who is reasonably suspected or having committed or of committing or of being about to commit any offence under this act". It also empowers the Central Government to frame and notify rules under the Act.

The thirteen chapters of the Act are followed by Schedules. The First, Second, Third and Fourth Schedules contain the amendments to the Indian Penal Code, The Evidence Act, The Banker's Book of Evidence Act and The Reserve Bank of India Act respectively.

What next?

After the presidential assent is received, the government will have to notify the date from which the Act will come into force. But, before such effect can be given, the Government will first have to:
a) appoint the various authorities mentioned in the act like
i) Controller of Certifying Authorities,
ii) Adjudicating Officers and
iii) Cyber Regulations Appellate Tribunal

b) Specify the standards to be adopted like
i) One among the competing algorithms like RSA, Elliptic Curve, etc. to be used for encryption
ii) The hashing algorithm to be used and
iii) The length (512, 1024, ..) of the key to be used for encryption

c) Draw up and/ or notify a number of procedures like
i) The Security Procedure to be adopted by users for terming transactions as electronically secure
ii) The manner and format in which digital signature should be affixed
iii) The manner or procedure which facilitates identification of the person affixing the digital signature
iv) The Certificate of Practice to be provided by aspiring CAs and
v) Jurisdictional area of the Adjudicating Officers

Thus, the Central Government has a lot of homework to do, before the Act can be brought into force. However, Chapter I of the Act empowers the Government to bring into force different provisions of the Act on different appointed dates. So, it is possible for the Government to activate different parts of the Act as and when the relevant preparations are complete.